How good was Top Gear tonight? First in the new series and their ‘Top Gear Top Fuel Consumption Tips’ were excellent, pretty much if you want a good mpg in a supercar, get an Audi R8. Which I actually had the pleasure of sitting in about two weeks ago. Granted it was in the Audi garage but oh my goodness the urge to hot wire it, drive through the huge glass windows and some how escape onto the M8 motorway without being caught just to say that I’d driven one, was massive. It’s the sexiest car I’ve ever, ever seen.

Anyway, aside from proving that yet again Audi cars are the best; Jeremy, James and Richard (oh wow how cute did he look tonight?) actually had a good few tips and they can all be found on the Top Gear website.

1. If you see the lights ahead are red, take your foot off the throttle immediately. If you wait and then use your brakes you are simply wasting the fuel you used to achieve a speed you didn’€™t need. Remember, a modern engine uses no fuel at all when it’€™s coasting in gear.
2. Next. Speed. Wind it down. You don’t need to do 25 mph, but instead of doing 80 on the motorway, try 75. Or if you normally do 120, try 110.
3. 56 mph, by the way, really is the optimum speed for good fuel consumption in most cars. Don’€™t try this in villages though or you will have to spend some time in a prison.
4. When leaving the lights, accelerate smartly. Not like a bat out of hell. But don’€™t dawdle. Get the car into top gear as quickly as is reasonable. Fifth gear, remember, is no good at all.
5. Don’t buy a Toyota Prius.

Fair enough, I find most of them useful because of the injection of humour that possibly only British readers will get, or indeed just Top Gear fans. Whatever, I thought I’d share anyway.

I am utterly ashamed to call myself a Rangers fan after the chaos in Manchester on Wednesday. A handful of drunk, coke-fuelled idiots have made a laughing stock of my city and my football team. It looked like Manchester city Police didn’t have the situation under control half the time, there really shouldn’t have been a situation to control in the first place. Yes, it was a big game but fans should have been there to have a good time, not attack police officers and make the atmosphere feel like Basra.

For any readers from Manchester, I’m so sorry that these hooligans caused mayhem in your city - believe me, we’re not all like that. I can’t believe that no action is to be taken against Ranger’s Football Club, fans were invited to Manchester to watch the game, not stab a rival fan and treat the city like a dumping ground for empty alcohol bottles and urine.

Seriously, I am ashamed to call myself a Rangers fan.

(all images copyright to BBC News Website.)

Single bloggers unite - there’s now a dating site for you!

The lovely Rhys at gospelrhys.co.uk has set up ShagABlogger.com, a dating/meeting site for bloggers.

It’s brilliant, but I don’t have a use for it…but maybe some of you do? Check it out.

I love reviewing websites, it gives me a chance to read blogs that I wouldn’t otherwise read and occaisionally help people out with my wise knowledge¹

acowboyswife.com

1. The name, the design…awesome! The cow girl in the header is great. Finally, a properly themed blog.
2. Photos in blogs are great, some of the photgraphy is amazing, especially this one, it’s gorgeous.
3. Writing style is great, I enjoyed reading the posts even though cowboy’s and Texan life isn’t exactly top of my interests list

mythoughtsideasandramblings.com

1. Header is great, love the images used and the ‘happiness’ of it all
2. Although this is a paid-to-blog blog, I still read the paid posts as they fit in well with the rest of the blog and don’t scream ‘advert’

lowcarbtips.org

1. I learned stuff, but took me a while to find what I was looking for (the best way to go low-carb)
2. There’s so much detail, obviously written by somebody who cares a good deal about the subject of low carb eating.

Thoughts From A Foreign Place

1. I love random blogs with links to others, a jumpsite to more information and news stories so this site gets the thumbs up from me.
2. There’s way too much advertising for my liking though.

¹Yes, I’m very wise. Really.

A few hours ago I opened up my GoogleReader and began reading through the 100+ feeds that I’ve managed to neglect over the course of the past 4 days. I was quite content reading away until I came across an entry from Nettuts.com about creating a layout. I loved the end result of the tutorial and ended up creating my own theme from the tutorial. It’s very similar to the tutorial, but at the same time, it’s not really. Uh, whatever. I love it and it’s staying for the long run (i.e. about 2 weeks).

I’ve got a couple of things still to add, my Reading Library to chane back to running off a plugin rather than a script from another site, and I’m not too sure about the text at the top…too much like a menu, maybe? I don’t know. I’ll see if it grows on me by the morning.

It’s a miracle that I’m still awake, I woke up pretty early this morning because the sun was blaring through my curtains. I’m impressed that the sun was shining on a Bank Holiday to be honest, such a shame that I had to go to work though - I spent half the night staring out the front door wishing I was sitting in a park, eating a picnic and listening to music with my mates! And after the chaos trying to get to work I really wasn’t in the mood to be working at all. I’m off til 4pm on Wednesday and I plan to fill those hours with as much as possible rather than my usual of sitting watching TV or reading a book.

I want to do all my laundry and take old clothes to a charity shop since I’ve got clothes everywhere which I hardly ever wear. And I really need to plant all the bulbs that I bought a few weeks ago in the front garden so that when summer finally arrives the garden will be nice and colourful rather than just grass and a few roses. I like having something pretty to look at when I’m sitting outside reading.

Other than that, I don’t know how I’m going to fill the next two days - I have no spare cash so anything that I can do must be free. If it’s nice again tomorrow I’ll probably take the dog down to the local country park for a while, I’m sure she’ll enjoy it and I could do with the fresh air.

Last night I found out the hard way why WordPress security is so important. My site got hacked/hijacked and the result was that every single internal link autoforwarded to a pornsite that tried to install toolbars, trojans..the lot.

I know that this has happened to at least one other blog that I visit, and probably lots more. The reasoning is probably down to unsecure file permissions within the wordpress files on my server. (Possibly something to do with the fact that WordPress have released version 2.5.1 with ultra important security fixes?)

So after deleting everything from the server and installing WordPress afresh (which of course came with it’s own problems of trying to remember all the plugins that I had installed etc) and importing a backup I took control of my blog again.

But it got me thinking. I’ve been online for half my life. I’ve had a website of some description for a decade. I should know about and implement security features. I shouldn’t have had to find out the hard way how important it is to keep my files safe from attack.

I’ve compiled a list of all the steps that you should take to protect your WordPress installation from malicious hijacking, after all I’ve been researching it for the past couple of hours to make sure that it never happens again.

File Permissions

Probably the biggest one on the list, and the one that can cause the most problems if you’re used to editing themes and plugins through the WordPress dashboard.

None of your files should be set to 777 (all users read, write and execute). By using the WP Security Scan plugin you can automatically see which folder do not have the correct permissions and fix them with a click. The plugin also points out any other security issues on your site. It’s an essential plugin for your site, and if you ask me it should be included with WordPress rather than Hello Dolly.

User - Admin

Your default user in WordPress is more than likely ‘Admin’. The same goes for the thousands of other WordPress blogs out there. So it’s not that difficult to guess, is it? So the obvious answer is to delete the user ‘Admin’. But WordPress won’t let you delete the default user, so what can you do about it?

This is where phpMyAdmin comes in to play. Don’t worry too much if you’ve never used it before, it’s quite simple as long as you follow these steps.

1. Log into your phpMyAdmin through your cPanel.
2. On the left hand side of the window you’ll see a list of tables like wp_options, wp_users. (the wp_prefix may be different if you’ve set this up as a different value when you installed WordPress).
3. Click on wp_users.
4. A table will load in the right hand frame, select the checkbox shown next to user_login.
5. Select ‘Browse’ from the tabs at the top of the page.
6. This then shows the table with all of your registered users details. You want to select the little pencil next to the name Admin to change this to a name of your choice.
7. Once you’ve changed the name to something else, press Go at the bottom of the screen.
8. That’s it - you’re done. The user ‘Admin’ no longer exists.

robots.txt

The robots.txt file on your server gives instructions to search engine robots (like GoogleBot). Remember that however not all search engine robots are good ones that play by the book, some will completly ignore your robots.txt file. But you can still add the following code to yours to stop all of your wp- folders being indexed by search engines.
Disallow: /wp-*

Passwords

Ok, this one’s a giver. We all know that passwords should be long and contain numbers, letters and symbols. But that’s hard to remember. But the amount of people who use the word ‘password’ as their password is incredible, and again it’s not that hard to guess, is it? Remember the MySpace password exploit? It threw up some interesting data on how people pick passwords, including the word ‘password’.

The easiest thing to remember is that you should keep your FTP and WordPress login password completely different and try and choose a password which is really hard to work out, but means something to you - like an acronym of you and your partners names plus your anniversary date. You could use a random password generator online to create a password, although you’ll probably have to get your browser to remember it for you!

WordPress version

Ok, so the geeks among us get excited when a new version of WordPress is in the pipeline and upgrade straight away, but some people wait a few weeks to ensure that any problems are ironed out amongst other reasons. It may be personal choice, but upgrading to the newest version of WordPress straight
away also protects your blog as there’s always security updates included in the upgrade. Try installing the WordPress Automatic Update Plugin to make upgrading your installation easy as pie.

Similarly, publishing what version of WordPress you are running is a danger in itself. You won’t realise that you’re letting the whole world know which version of WordPress you are running until you yourself check your page source. If there’s a Meta tag showing which version of WordPress you’re running from, remove it from your header.

Login Lockout

Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.
Login Lockdown plugin

That says it all really, doesn’t it?

Directory Listings

By default anybody can access your plugins by going to www.yourblog.com/wp-content/plugins/ and viewing every plugin that you currently have installed. By either including a blank html file in your /plugins/ directory or switching off directory listings via your cPanel users will not be able to view these folders and files, and possibly any security risks that they have.

Don’t use FTP

Use SSH/Shell Access instead. It’s possibly not the easiest thing to do in the world but it’s one of the best moves you can make. If you can, disable FTP completely.

If you’ve got anything else to add, please feel free to leave a comment.

Since I’ve got the week off from work I’m trying to iron out every last little irk that I have with this site, including editing the theme to this darker version. I’ve always been drawn to dark themes but never usually put them on my site, but I quite like what I’ve done with this one.

I’ve also got some content to upload that’s been sitting about on my external hard drive for months. All I need to do is update it where needed and fix any mistakes before I add them to the site.

I keep getting distracted watching The Tudor’s though, so it might take me a while to finish.

[EDIT] Added a guestbook, how retro of me!

I’m not a big fan of content heavy websites, but I always end up publishing some on my blog as little extras for my visitors - as if reading about my life isn’t good enough!

Everything here is created by me for my website, so I’d appriciate it if I didn’t start seeing it popping up around the blogosphere and on forums, as I’ve had this happen oh-so-many times before when I made layouts and icons (yup, I was one of those people who stole celebrity imagery).

If you’re interesting in joining the AshesFromStars.com Topsites list click here to sign up.

As always, use the links to the right hand side to navigate the content.

I’m reading journals and blogs of friends both old and new and everybody is going away on holiday somewhere utterly cool this year. New York, China, Russia, Denmark. Me? Balado. Which is in Scotland. And where the greatest music festival in the world takes place on the first weekend of July each year - T In The Park. Although so far there’s only actually a few bands that I want to see - Newton Faulkner, Primal Scream, Scouting For Girls, The Hoosiers, Reverend And The Makers. I’m a bit worried that the Sugababes and Will Young are playing, Geoff Ellis what are you thinking man?

So, the countdown begins. It’s only 11 weeks away. Well actually, it’s in 11 weeks. And I can’t wait. Question is, are any of you going to T this year? Or any other music festivals?